feat: add DIFY_DB_USER/DIFY_DB_PASS env overrides for per-service DB credentials

[lin-snow]

Important

1. Make sure you have read our contribution guidelines
2. Ensure there is an associated issue and you have been assigned to it
3. Use the correct syntax to link this PR: Fixes #<issue number>.

Summary

Fixes #34752
resolves ENG-164

Add DIFY_DB_USER and DIFY_DB_PASS as optional environment variable overrides for DB_USERNAME and DB_PASSWORD.

Why: Docker Compose cannot do per-service variable fallback inside a shared YAML anchor (x-shared-env). To support per-service DB credentials (e.g. least-privilege access), the fallback must happen in application code.

What changed (api/configs/middleware/__init__.py):

• Added two optional fields DIFY_DB_USER / DIFY_DB_PASS (default None).
• Added effective_db_username / effective_db_password computed properties that prefer the new vars when set, falling back to the originals.
• Updated SQLALCHEMY_DATABASE_URI to use the effective values.

No breaking change — unset vars fall back to existing DB_USERNAME / DB_PASSWORD.

Screenshots

N/A (backend config only, no UI change)

Checklist

• This change requires a documentation update, included: Dify Document
• I understand that this PR may be closed in case there was no previous discussion or issues. (This doesn't apply to typos!)
• I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
• I've updated the documentation accordingly.
• I ran make lint and make type-check (backend) and cd web && pnpm exec vp staged (frontend) to appease the lint gods

[github-actions]

Pyrefly Diff

No changes detected.

[wylswz]

I would suggest implementing this in orchestration layer. Will close this for now.